[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149

Friday, 14 November 2008

So you have org.jboss.aspect.TCCL which sets the TCCL that is applied a call to
Thread.setContextClassLoader that uses a privileged block to isolate the caller. So the
first issue is that this cannot be a mechanism to circumvent the security check for
calling setContextClassLoader, so the application of the aspect has to have a security
check that applies to codebase where the aspect is being applied. I'm sure the aop
layer does not make this check today.

I still think the generated bytecode in the vfsmemory: location also has a permission that
is inherited from the aspect codebase so that you know what an aspect is allowed to do.
Unless I have granted the setContextClassLoader to the aspect, I'm not going to be
able to apply it to some call context to change the caller's ability to perform a
privileged operation.

View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4189501#...

Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-dev-forums] [Design of POJO Server] - Re: VFS Permissions - JBMICROCONT-149